Vulnerabilities Research Group

Meeting Notes
Wednesday, April 15, 1998

Meeting began at 11:00AM

Present: Matt Bishop, Todd Heberlein, Keith Herold, Anna Mell, Peter Mell, David O'Brien, David T.


Meeting began at 11:00AM

1. (Matt Bishop)

Discuss SGML

2. (Todd Heberlien)

Wharez Sites


Matt- SGML deals with structure vs.programming in HTML. What makes up vulnerabilities description?

Revision number followed by information about the change. VDESC= description of, long, vers, os.etc..Describes elements.

SGREP- allows you to search based on structure and check for special terms. It's used a lot in WWW and library science.

XML is subset of SGML.

Many programs will handle this as well.

Next week I'll show you format in WORD.

Eliminates problems in searching for something because it handles case and looks for something approximate.

It is isostandard.

Invented in 1969.

Wharez Sites

Todd- Found host is over in Leech dorms.

25% of traffic is for Wharez sights.

21 million connections and 37 pages in one hour

Very few rschells

Fragmented packet bounced back at them.

We assumed there wouldn't be fragmented imcp packets, but that was wrong.

I'm collecting statistics right now on everything. Traffic goes up to 4-5 probably hitting lots of machings. Don't have a lot of people receiving attacks. Did some horizontal scans checking for FTP servers for a particular service. Do binary transfer to Windows box.

What are appropriate attack signatures?

David O.- What about SNMP traffic?

Next Week

- Bring statistics for different servers.

-Peter will talk about Cohen's Stackguard paper.

-Demos with code.

Meeting adjourned at 11:50AM
Send email to
Matt Bishop
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562

Page last modified on 4/16/98